Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use,
ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Email Address:

We never sell or give out your contact information.
We respect our readers' privacy.

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The initiative, spearheaded by the indefatigable CIO John Halamka, MD, MS, is massive in scope, affecting as it does 18,000 faculty members and 3,000 doctors, plus a large student population. Costly and time-consuming though it may be, I think it’s an object lesson in what needs to be done to make “bring your own device” a safe and sustainable part of hospital computing.

“It is no longer sufficient to rely on policy alone to secure personal mobile devices,” Halamka said. “Institutions must educate their staff, assist them with encryption, and in some cases purchase software/hardware for personal users to ensure compliance with Federal and State regulations.”

Halamka and his team already began training staff regarding smart phone devices connecting with the Exchange e-mail system using ActiveSync. Under the new regime, those devices must now have password protection.

Next, the Information Systems team is beginning the massive task of encrypting all mobile devices. They’re starting with company-owned laptops and iPad-type tablets, but expect to move out into encrypting other tablets later.

While the process is understandably complex, broadly speaking the IS department is going to take every device currently owned by the institution and give it a complete going over for malware and vulnerabilities, make sure the configuration meets security standards, then fully encrypt it to meet HIPAA/HITECH safe harbor criteria.

The next phase of the program will extend the checkup and encryption process to any personally owned computers and tablets used to access BIDMC data. I’ll be interested to see if people get squeamish about that. There’s a big difference, emotionally, between letting IS strip your work device naked and sharing your personal iPad. But clearly, if BYOD is to have a future, initiatives like this will need to go on at hospitals across the nation.

Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use,
ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!

Email Address:

We never sell or give out your contact information. We respect our readers' privacy.